REMARKS/ARGUMENTS

Prior to the entry of this Amendment, claims 1-48 were pending in this 
Application. No claims have been amended, no claims have been added, and no claims have 
been canceled herein. Therefore claims 1-48 remain pending in this application. Applicant 
respectfully requests reconsideration of these claims for at least the reasons presented below. 

35 U.S.C. § 103 Rejection, Botz in view of Purpura

The Office Action has rejected claims 1-48 under 35 U.S.C. § 103(a) as being 
unpatentable over U.S. Patent No. 6,981,043 B2 of Botz et al. (hereinafter "Botz") in view of 
U.S. Patent No. 6,421,768 B1 of Purpura et al. (hereinafter "Purpura"). The Applicant 
respectfully submits that the Office Action does not establish a prima facie case of obviousness 
in rejecting these claims. Therefore, the Applicant requests reconsideration and withdrawal of 
the rejection. 

In order to establish a prima facie case of obviousness, the Office Action must 
establish: 1) some suggestion or motivation, either in the references themselves or in the 
knowledge generally available to one of ordinary skill in the art, to modify the references or 
combine their teachings; 2) a reasonable expectation of success of such a modification or 
combination; and 3) a teaching or suggestion in the cited prior art of each claimed limitation. 
See MPEP § 706.02(j). However, as will be discussed below, the references cited by the Office 
Action do not teach or suggest each claimed limitation. For example, neither reference, alone or 
in combination, teaches or suggests authorizing a first user to access a system or resource as a 
second user. 

Botz relates to "an apparatus and method allow a system administrator to manage 
multiple user identities in multiple user registries in different processing environments." (Col. 2, 
lines 12-15) Under Botz "an identity mapping mechanism is provided that includes a directory 
service that includes entries that reference user identities in the multiple registries, and that 
reference identity mappings between those entries." (Col. 2, lines 15-19) That is, Botz teaches 
identifying a user's accounts on different systems. Specifically, Botz "provides the infrastructure 
for correlating multiple user identities in these different environments to a single user." (Col. 5, 
lines 47-50) For example, "a user may enter security information for one local user identity, and 
an operating system or application may use the identity mapping mechanism of [Botz] to 
determine corresponding security information on a different platform or application." (Col. 5, 
lines 55-60) 

However, Botz does not teach or suggest authorizing a first user to access a 
system or resource as a second user. To show support for the argument that Botz does in fact 
teach such "impersonation," the Office Action cites col. 12, lines 1-14 of Botz. This paragraph 
states, in its entirety: 

"One significant advantage of the present invention is that the security semantics 
for each environment are maintained, yet the security information for one 
environment may be mapped to equivalent security information in a different 
environment. This capability avoids the need for a user to remember multiple 
identities and passwords for the different environments. Once the user is 
authenticated for one environment, the identity mapping mechanism of the 
preferred embodiments can be used to find an appropriate identity in a 
different user registry that is associated with the authenticated user, and 
impersonate the associated identity or otherwise apply the security semantics of 
the second user registry in order to access data protected by its security 
semantics." (Emphasis added) 

It is clear from this paragraph, especially when read in light of the previously 
cited sections of Botz, that Botz does not teach or suggest authorizing a first user to access a 
system or resource as a second user. Rather, as explicitly stated in Botz and quoted above, Botz 
teaches correlating multiple user identities in different environments to a single user. 

Purpura is directed to "securely transferring user authentication information from 
a first computer to one or more other computers to allow the user to interact with the other 
computers without necessarily having to explicitly identify himself thereto." (Col. 1, lines 8-12 
and col. 2, lines 19-22) More specifically, Purpura teaches a single sign-on method. (Col. 2, 
lines 23-24) "Thus, if a second computer trusts the methods used by a first computer to 
authenticate a user, then the second computer can use a cryptographically assured cookie created 
by the first computer to authenticate the user, without requiring the user to perform an explicit 
authentication step at the second computer." (Col. 2, lines 24-29) 

That is, Purpura discloses a single sign-on method that, as is typical of single 
sign-on, allows a user to access a second computer system based on his access of a first computer 
system. In other words, under Purpura, a user can logon to or access a first system which 
performs any necessary authentication. The first system then issues a token, in this case, a 
"cryptographically assured cookie," to the user. The same user can then use this token to access 
other systems without re-authenticating. However, Purpura does not disclose impersonation, 
i.e., authorizing a first user to access a system or resource as a second user. 

The combination of Botz and Purpura is no more relevant to the pending claims 
than either reference alone since neither reference, alone or in combination, teaches or suggests 
authorizing a first user to access a system or resource as a second user. Rather, Botz teaches 
correlating multiple user identities in different environments to a single user. Similarly, Purpura 
teaches allowing a user to access a system based on a token provided by another system, i.e., a 
single sign-on method that allows a user to access a second computer system based on his access 
of a first computer system. Thus, both Botz and Purpura teach allowing a particular, single user 
to access different systems or environments based on his access of one system or environment. 
However, neither reference, alone or in combination, teaches or suggests authorizing a first user 
to access a system or resource as a second user. 

Claim 1, upon which claims 2-15 depend, claim 28, upon which claims 29-38 
depend, and claim 35, upon which claims 36-38 depend, each recite in part "receiving 
authentication credentials for a first user and an identification of a second user; authenticating 
said first user based on said authentication credentials for said first user; creating a cookie that 
stores an indication of said second user if said step of authenticating is performed successfully; 
and authorizing said first user to access a first resource as said second user based on said 
cookie." Neither reference, alone or in combination, teaches or suggests authorizing a first user 
to access a first resource as a second user. Rather, Botz teaches correlating multiple user 
identities in different environments to a single user while Purpura teaches allowing a user to 
access a system based on a token provided by another system, i.e., single sign-on. For at least 
these reasons, claims 1-15, 28-38, and 35-38 should be allowed. 

Claim 16, upon which claims 17-23 depend, claim 39, upon which claims 40-44 
depend, and claim 45, upon which claims 46-48 depend, each recite in part "receiving 
authentication credentials for an impersonator and an identification of an impersonatee at an 
access system, wherein said access system protects a first resource that is separate from said 
access system; authenticating said impersonator based on said authentication credentials for said 
impersonator, wherein said step of authenticating is performed by said access system; and 
authorizing said impersonator to access said first resource as said impersonatee, wherein said 
step of authorizing is performed by said access system." Neither reference, alone or in 
combination, teaches or suggests authorizing a first user to access a first resource as a second 
user. Rather, Botz teaches correlating multiple user identities in different environments to a 
single user while Purpura teaches allowing a user to access a system based on a token provided 
by another system, i.e., single sign-on. For at least these reasons, claims 16-23, and 39-48 
should be allowed. 

Claim 24, upon which claims 25-27 depend, recites in part "receiving 
authentication credentials for the first entity and an identification of the second entity at an 
access system, wherein said access system protects a plurality of resources; receiving an 
indication of one or more of said plurality of resources; authenticating said first entity based on 
said authentication credentials for said first entity, wherein said step of authenticating is 
performed by said access system; and authorizing said first entity to access said one or more of 
said plurality of resources as said second entity, wherein said step of authorizing is performed by 
said access system." Neither reference, alone or in combination, teaches or suggests authorizing 
a first user to access a first resource as a second user. Rather, Botz teaches correlating multiple 
user identities in different environments to a single user while Purpura teaches allowing a user to 
access a system based on a token provided by another system, i.e., single sign-on. For at least 
these reasons, claims 24-27 should be allowed. 



CONCLUSION

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 

Respectfully submitted, 

TOWNSEND and TOWNSEND and CREW LLP 
Two Embarcadero Center, Eighth Floor 
San Francisco, California 94111-3834 
Tel: 303-571-4000 (Denver) 
Fax: 303-571-4321 (Denver) 

William J. Daley 
Reg. No. 52,471 